The SDMP uses the Diffie-Hellman key exchange as the way to establish session keys for forward secrecy of network traffic.
Diffie-Hellman Key Exchange
Recall that the generalized Diffie-Hellman key exchange looks like:
- Alice and Bob agree to use the values
p
andg
- Alice chooses secret
a
and sends BobA
, whereA=(g^a)%p
- Bob chooses secret
b
and sends AliceB
, whereB=(g^b)%p
- Alice computes
s
, wheres=(B^a)%p
- Bob computes
s
, wheres=(A^b)%p
- Alice and Bob share the secret
s
, which is the session key
Description
This object contains the values necessary to establish a Diffie-Hellman key exchange.
The object contains the following properties:
sdmp
(object, required)
This root property is part of the container object.
sdmp.schemas
(array of strings, required)
Must be a single array entry with the string value: connection
Note that this means that placing any additional information or metadata in the
container object beyond what is specified for the container
and connection
schema is considered an error.
connection
(object, required)
Holds the parameters used in the Diffie-Hellman key exchange.
connection.g
(integer, required)
The value g
from the Diffie-Hellman key exchange.
connection.p
(string, required)
The value p
from the Diffie-Hellman key exchange, whose octets are
unpadded base64url encoded.
connection.N
(string, required)
The value N
from the Diffie-Hellman key exchange (where N=(g^n)%p
) whose
octets are unpadded base64url encoded.
Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"sdmp": {
"type": "object",
"properties": {
"schemas": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1,
"maxItems": 1
}
}
}
"connection": {
"type": "object",
"properties": {
"g": {
"type": "string"
},
"p": {
"type": "string"
},
"N": {
"type": "object"
}
},
"required": [ "g", "p", "N" ]
}
},
"required": [ "sdmp", "connection" ]
}